Published by Warren Lyons. Modified over 9 years ago.
Slide 1: The Future of Global Information Security: Information Security Five-Year Scenario
Perry Carpenter, MSIA, C|CISO
Leadership Partner, EITL Security & Risk Management

© 2014 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form without Gartner's prior written permission. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines for Gartner Services posted on gartner.com. The information contained in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This publication consists of the opinions of Gartner's research organization and should not be construed as statements of fact. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner's Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see "Guiding Principles on Independence and Objectivity."
Slide 2: Controls Help Us Achieve the Target Level of Security
But with hundreds of potential controls, we need a way to select the right ones.
The Strategy Tool: four strategies for selecting controls:
-Search & Destroy
-Castles & Moats
-Psy Ops
-Behavior Jujitsu
Slide 3: Fact: The Real World Changes
It no longer works to base control decisions on past performance. We need a way to plan for the ways the world might become, not how it was.
We need a five-year planning guide that:
-Identifies possible future conditions
-Provides a way of detecting shifts in direction (guideposts)
-Calls out control requirements early
Slide 4: Problem Statement
How will the Nexus of Forces (cloud, mobile, social and big data), plus other forces and trends, transform the practice of information security and IT risk management between 2014 and 2019?
-What are the two most powerful uncertain forces driving change?
-How might those forces interact?
-What evidence exists now?
Slide 5: Critical Issues
-How might the world change?
-How shall we detect that change?
-How shall we deal with that change?
Slide 6: Threats Against Targets: A Moving Target
-As servers move into the cloud
-As enterprise security improves
-As mobility drives increased connectivity out to the edge
-As the value at the edge increases
-As end-node compromise tools continue to become more automated
-And …
Slide 7: Orders of Magnitude
… as the number of highly trained cyber-students increases by orders of magnitude:
-Over 100 "white hat" hacker university degree programs in the U.S. funded by NSA and DHS.
-Similar programs in the UK.
-10th through 12th grade training for all in Israel.
-Similar programs growing worldwide.
-China in a leadership position?
Now assume that 90% stay on the "white hat" side.
Slide 8: Trend: Our X Axis
Security compromise of enterprise accounts may become more heavily weighted to indirect attacks through captured end nodes, or may focus even more clearly on servers.
X axis: TARGET, ranging from Enterprise to Individual.
Slide 9: Who Will Save Us …
… from the chaos that is the Internet?
-Nation-states want to carve the Internet into manageable pieces.
-Cloud and Big Data push toward less regulation.
-Governments threaten to regulate.
-"Critical infrastructure" is continuously redefined.
-But very little actually gets done.
-And what does get done takes a looooong time.
Slide 10: Trend: Our Y Axis
The level of market intervention can vary dramatically, shifting costs and influencing business flexibility.
Y axis: AUTHORITY, ranging from Monolithic to Tribal.
Slide 11: The Gartner Security Scenario 2014-2020
How we select from and apply our four control strategies will depend on how the world changes for our organization.
The four scenario quadrants:
-Coalition Rule
-Neighborhood Watch
-Regulated Risk
-Controlling Parent
Slide 12: The Gartner Security Scenario 2014-2020
(Diagram: the four quadrants, numbered 1 to 4, plotted on the TARGET axis (Enterprise to Individual) against the AUTHORITY axis (Tribal to Monolithic).)
Slide 13: Quadrant 1: Regulated Risk (Enterprise Target, Centralized Authority)
-Governments use regulation to provide safety
-An attack can become an act of war
-All infrastructure becomes critical infrastructure
-Enterprises are held responsible for actions of employees
Milestones pushing toward the corner: attack publicized; public shaming and fines; NATO cybersecurity division; international cyberwar convention; additional regulations; government disclosure of breach; software liability defined; cyber "Monroe Doctrine"; rules of engagement (RoE).
Evidence: Critical infrastructure directive.
Slide 14: Quadrant 2: Coalition Rule (Enterprise Target, Fragmented Authority)
-Warlords and cartels rule
-Corporations establish fiefdoms, suppress independent innovation
-Aggressive corporate and national espionage
-Supply chain for offensive activities
-Underground economy grows
Milestones pushing toward the corner: corporate counterattack; cyberwar mercenary company IPO; cyberinsurance fails; cyberwar department in finance; crypto-extortion schemes; $100 million cyberblackmail.
Evidence: Cyber and Cloud Security Alliances; drug cartel use of the Internet.
Slide 15: Quadrant 3: Controlling Parent (Individual Target, Centralized Authority)
-Attacks against individuals push government to act
-Governments try to establish a norm of personal responsibility
-Theft-oriented botnets proliferate
-Surveillance society grows
-Strong privacy regulations emerge
-Mobile devices become closed, curated
Milestones pushing toward the corner: CPSC/FTC take action; school training; ISPs retain transactions; user database; U.S. class action lawsuits.
Evidence: Do not call list; FISA amendments.
Slide 16: Quadrant 4: Neighborhood Watch (Individual Target, Authority Breakdown)
-E-militia emerge: self-organizing protection societies
-Extreme anarcho-hacktivism
-Internet resembles Gangs of New York
-Corporate and communal walled gardens form
-Extensive darknet and dependence on anonymity
-E-commerce declines due to distrust
Milestones pushing toward the corner: Anonymous focus on CEOs; cyberbullying; e-commerce slows; cybermilitias; refusal to hold personal info; Facebook loses members.
Evidence: Islamic Internet efforts; increase in identity theft; "net nanny" approaches.
Slide 17: The Gartner Security Scenario: Evidence for Every Direction
(Diagram: the TARGET (Enterprise to Individual) by AUTHORITY (Tribal to Monolithic) grid, with current evidence points CSA, DNC, Islamic Internet and CID plotted around the NOW position.)
Slide 18: So Watch for the Milestones
(Diagram: the same TARGET by AUTHORITY grid, used to track milestones as they occur.)
Slide 19: Four Different Threats and Opportunities
Regulated Risk:
-Threat: Over-regulation increases cost without decreasing risk
-Opportunity: Lobbying can influence direction and degree
Coalition Rule:
-Threat: Increase in attacks could cause severe damage
-Opportunity: Found (then dominate) an industry standards group
Controlling Parent:
-Threat: Privacy regulations will inhibit business operations
-Opportunity: Surveillance society benefits those who do Big Data well
Neighborhood Watch:
-Threat: E-commerce drop; reputation and trust failures
-Opportunity: Form your own protection society for your customers
Slide 20: Understanding the Strategy Tool
(Diagram: a two-by-two grid of Active versus Passive controls against Behavioral versus Technical controls, with the four strategies placed in its cells: Search & Destroy, Castles & Moats, Psy. Ops., Behavior Jujitsu.)
Slide 21: Four Control Directions
Castles and Moats:
-Traditional passive technical controls
-Isolation via network architecture and access controls
Behavior Jujitsu:
-Improved security training programs as passive (defensive) behavioral controls
Search and Destroy:
-Active technical approach to returning fire
Psy. Ops.:
-Advanced behavioral intervention
Slide 22: The Controls We Need Vary With the Environment We Are In
(Diagram: the four scenario quadrants, Coalition Rule, Neighborhood Watch, Regulated Risk, Controlling Parent.)
Slide 23: Control Interdependence
(Diagram: example controls placed on the TECHNOLOGICAL/BEHAVIORAL by ACTIVE/PASSIVE grid: SIEM, Admin Usage Guideline, SWG.)
Slide 24: Building a Strategic Response
(Diagram: example controls placed on the TECHNOLOGICAL/BEHAVIORAL by ACTIVE/PASSIVE grid: Acceptable Use Guide, Event Log, Report Incident, Confront Tailgaters.)
Slide 25: Using the Strategy Tool: an Example
Quadrant: Neighborhood Watch
-Threat: E-commerce drop; reputation and trust failures.
-Opportunity: Form your own protection society for your customers.
Control requirements?
-Distributed, autonomous: can run in isolation on consumer endpoints.
-Extended perimeter (VPN): centrally managed but remotely initiated.
-Endpoint neutralization: DDoS of attack sources.
Control options?
-Passive behavioral: observe and report.
-Passive technological: EPP platform with VPN agent.
-Active technological: identify and attack apparent attack sources via neighborhood watch botnet.
(Diagram: the four scenario quadrants, Coalition Rule, Neighborhood Watch, Regulated Risk, Controlling Parent.)
Slide 26: To Do List
Gartner:
-Special report phase 1
-Special report phase 2
-Ongoing research publication
You:
-Analyze the impact of the four quadrants on your organization
-Outline your response to each of the four quadrants using the strategy tool
-Monitor the environment for milestones as they occur
-Shift your controls strategy as change happens